It seems that the type user does not honor setting purge_ssh_keys => false correctly. puppet language:
user { "myuser": |
ensure => present, |
[...] |
purge_ssh_keys => false, |
}
|
leads to the following warning:
/Stage[main]/Mymodule/Mymodule::Mydefinedtype[myuser]/User[myuser] (warning): Ssh_authorized_key type is not available. Cannot purge SSH keys.
|
Diving into the code, this seems logical: https://github.com/puppetlabs/puppet/blob/main/lib/puppet/type/user.rb#L698 self[:purge_ssh_keys] may take values :true, :false and ["string1", "string2"], but
irb(main):001:0> foo = :false |
irb(main):002:0> foo.empty? |
=> false |
irb(main):003:1* if !foo.empty? |
irb(main):004:1* puts "something wrong here" |
irb(main):005:0> end |
something wrong here |
=> nil
|
I'd recommend the following patch to fix this:
--- /opt/puppetlabs/puppet/lib64/ruby/vendor_ruby/puppet/type/user.rb 2021-06-29 14:56:58.756944173 +0200 |
+++ /tmp/user.rb 2021-06-29 14:56:35.920004027 +0200 |
@@ -695,7 +695,7 @@ |
end |
|
def generate |
- if !self[:purge_ssh_keys].empty? |
+ if !self[:purge_ssh_keys].empty? && !(self[:purge_ssh_keys] == :false) |
return [] if self[:ensure] == :present && !provider.exists? |
if Puppet::Type.type(:ssh_authorized_key).nil? |
warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
|
|